| |
| |||||||
Log-Analyse und Auswertung: Open Candy Virus, CPU-Auslastung 100 %Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
05.02.2014, 09:35
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Open Candy Virus, CPU-Auslastung 100 % TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
Anschließend bitte MBAR ausführen: Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
05.02.2014, 12:22
| #17 |
 | Open Candy Virus, CPU-Auslastung 100 %Code:
ATTFilter 09:44:12.0276 4900 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:44:14.0975 4900 ============================================================
09:44:14.0975 4900 Current date / time: 2014/02/05 09:44:14.0975
09:44:14.0975 4900 SystemInfo:
09:44:14.0975 4900
09:44:14.0975 4900 OS Version: 6.0.6002 ServicePack: 2.0
09:44:14.0975 4900 Product type: Workstation
09:44:14.0975 4900 ComputerName: LEO-PC
09:44:14.0975 4900 UserName: Leo
09:44:14.0975 4900 Windows directory: C:\Windows
09:44:14.0975 4900 System windows directory: C:\Windows
09:44:14.0975 4900 Processor architecture: Intel x86
09:44:14.0975 4900 Number of processors: 2
09:44:14.0975 4900 Page size: 0x1000
09:44:14.0975 4900 Boot type: Normal boot
09:44:14.0975 4900 ============================================================
09:44:15.0599 4900 Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:44:15.0614 4900 ============================================================
09:44:15.0614 4900 \Device\Harddisk0\DR0:
09:44:15.0614 4900 MBR partitions:
09:44:15.0614 4900 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1411800, BlocksNum 0x2D5270B0
09:44:15.0614 4900 ============================================================
09:44:15.0739 4900 C: <-> \Device\Harddisk0\DR0\Partition1
09:44:15.0739 4900 ============================================================
09:44:15.0739 4900 Initialize success
09:44:15.0739 4900 ============================================================
09:44:32.0307 0280 ============================================================
09:44:32.0307 0280 Scan started
09:44:32.0307 0280 Mode: Manual; SigCheck; TDLFS;
09:44:32.0307 0280 ============================================================
09:44:32.0947 0280 ================ Scan system memory ========================
09:44:32.0947 0280 System memory - ok
09:44:32.0947 0280 ================ Scan services =============================
09:44:33.0384 0280 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
09:44:34.0429 0280 ACDaemon - ok
09:44:34.0601 0280 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
09:44:34.0632 0280 ACPI - ok
09:44:34.0725 0280 [ 1BA1AB4141A92EB34DA99F1249CA2D4D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:44:34.0757 0280 AdobeFlashPlayerUpdateSvc - ok
09:44:34.0819 0280 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
09:44:34.0866 0280 adp94xx - ok
09:44:34.0897 0280 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
09:44:34.0928 0280 adpahci - ok
09:44:34.0959 0280 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
09:44:34.0991 0280 adpu160m - ok
09:44:35.0037 0280 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
09:44:35.0069 0280 adpu320 - ok
09:44:35.0131 0280 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:44:35.0178 0280 AeLookupSvc - ok
09:44:35.0256 0280 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
09:44:35.0318 0280 AFD - ok
09:44:35.0381 0280 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
09:44:35.0396 0280 agp440 - ok
09:44:35.0427 0280 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
09:44:35.0459 0280 aic78xx - ok
09:44:35.0771 0280 [ BBE9054FDADC8D49D29C5DA4FB84A803 ] Akamai c:\program files\common files\akamai/netsession_win_8fa3539.dll
09:44:35.0771 0280 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_8fa3539.dll. md5: BBE9054FDADC8D49D29C5DA4FB84A803
09:44:35.0786 0280 Akamai ( HiddenFile.Multi.Generic ) - warning
09:44:35.0786 0280 Akamai - detected HiddenFile.Multi.Generic (1)
09:44:35.0817 0280 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
09:44:35.0880 0280 ALG - ok
09:44:35.0911 0280 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
09:44:35.0942 0280 aliide - ok
09:44:35.0958 0280 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
09:44:35.0973 0280 amdagp - ok
09:44:35.0989 0280 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
09:44:36.0020 0280 amdide - ok
09:44:36.0036 0280 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
09:44:36.0098 0280 AmdK7 - ok
09:44:36.0145 0280 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
09:44:36.0207 0280 AmdK8 - ok
09:44:36.0239 0280 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
09:44:36.0270 0280 Appinfo - ok
09:44:36.0379 0280 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:44:36.0395 0280 Apple Mobile Device - ok
09:44:36.0473 0280 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
09:44:36.0488 0280 arc - ok
09:44:36.0519 0280 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
09:44:36.0551 0280 arcsas - ok
09:44:36.0597 0280 [ 857B48965A0503B7AB795D4BFE7CBD8B ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
09:44:36.0613 0280 ArcSoftKsUFilter - ok
09:44:36.0785 0280 [ 2FE0D5DB69014980A970D3BF9A85D2B1 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
09:44:36.0816 0280 aspnet_state - ok
09:44:36.0847 0280 [ 6F1505608202BBD179095A6A150D103F ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
09:44:36.0878 0280 aswMonFlt - ok
09:44:36.0941 0280 [ B269C41DF93EFF71DF0986BD982D1C46 ] aswRdr C:\Windows\system32\drivers\aswRdr.sys
09:44:36.0956 0280 aswRdr - ok
09:44:37.0019 0280 [ F385467DF95D0A73775CB3B076B8B969 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
09:44:37.0050 0280 aswRvrt - ok
09:44:37.0128 0280 [ 0F639D0526820BA7872C963813E0EB8D ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
09:44:37.0190 0280 aswSnx - ok
09:44:37.0253 0280 [ 7BA7543EA7936A7ADA615F6DE7C95494 ] aswSP C:\Windows\system32\drivers\aswSP.sys
09:44:37.0331 0280 aswSP - ok
09:44:37.0377 0280 [ 875D2B1054F2ECD8F575D6CBE78DD7BA ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
09:44:37.0409 0280 aswTdi - ok
09:44:37.0580 0280 [ 1B0662514A68C3A42E60D240C5ABEF28 ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
09:44:37.0611 0280 aswVmm - ok
09:44:37.0658 0280 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:44:37.0689 0280 AsyncMac - ok
09:44:37.0814 0280 [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi C:\Windows\system32\drivers\atapi.sys
09:44:37.0830 0280 atapi - ok
09:44:38.0033 0280 [ 1EA05449220E3D755477CE517A83846B ] athr C:\Windows\system32\DRIVERS\athr.sys
09:44:38.0221 0280 athr - ok
09:44:38.0829 0280 [ 6455100A6CDB1DEDC551E12FD41BC519 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
09:44:38.0923 0280 Ati External Event Utility - ok
09:44:39.0640 0280 [ 9F66D1BA97911731133E46212539A08D ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
09:44:40.0202 0280 atikmdag - ok
09:44:40.0264 0280 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:44:40.0311 0280 AudioEndpointBuilder - ok
09:44:40.0327 0280 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
09:44:40.0389 0280 Audiosrv - ok
09:44:40.0483 0280 [ D74884939D53612FD84AC82C59CCFE27 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
09:44:40.0498 0280 avast! Antivirus - ok
09:44:40.0576 0280 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
09:44:40.0608 0280 Beep - ok
09:44:40.0717 0280 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
09:44:40.0795 0280 BFE - ok
09:44:40.0904 0280 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
09:44:40.0966 0280 BITS - ok
09:44:41.0013 0280 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
09:44:41.0091 0280 blbdrive - ok
09:44:41.0216 0280 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:44:41.0247 0280 Bonjour Service - ok
09:44:41.0294 0280 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:44:41.0325 0280 bowser - ok
09:44:41.0419 0280 [ 46B72A8C5F545AFAFF30F4A468844FBA ] BoxSyncUpdateService C:\Program Files\Box\Box Sync\SyncUpdaterService.exe
09:44:41.0419 0280 BoxSyncUpdateService ( UnsignedFile.Multi.Generic ) - warning
09:44:41.0419 0280 BoxSyncUpdateService - detected UnsignedFile.Multi.Generic (1)
09:44:41.0466 0280 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
09:44:41.0528 0280 BrFiltLo - ok
09:44:41.0606 0280 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
09:44:41.0637 0280 BrFiltUp - ok
09:44:41.0684 0280 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
09:44:41.0731 0280 Browser - ok
09:44:41.0793 0280 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
09:44:41.0902 0280 Brserid - ok
09:44:41.0934 0280 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
09:44:42.0012 0280 BrSerWdm - ok
09:44:42.0043 0280 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
09:44:42.0168 0280 BrUsbMdm - ok
09:44:42.0214 0280 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
09:44:42.0308 0280 BrUsbSer - ok
09:44:42.0386 0280 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
09:44:42.0495 0280 BTHMODEM - ok
09:44:42.0573 0280 [ 248DFA5762DDE38DFDDBBD44149E9D7A ] BVRPMPR5 C:\Windows\system32\drivers\BVRPMPR5.SYS
09:44:42.0604 0280 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
09:44:42.0604 0280 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
09:44:42.0838 0280 catchme - ok
09:44:42.0870 0280 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:44:42.0948 0280 cdfs - ok
09:44:43.0088 0280 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
09:44:43.0150 0280 cdrom - ok
09:44:43.0197 0280 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
09:44:43.0291 0280 CertPropSvc - ok
09:44:43.0650 0280 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
09:44:43.0712 0280 circlass - ok
09:44:43.0899 0280 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
09:44:43.0946 0280 CLFS - ok
09:44:44.0040 0280 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:44:44.0071 0280 clr_optimization_v2.0.50727_32 - ok
09:44:44.0133 0280 [ 6D7C8A951AF6AD6835C029B3CB88D333 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:44:44.0164 0280 clr_optimization_v4.0.30319_32 - ok
09:44:44.0211 0280 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
09:44:44.0289 0280 CmBatt - ok
09:44:44.0383 0280 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:44:44.0398 0280 cmdide - ok
09:44:44.0445 0280 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
09:44:44.0461 0280 Compbatt - ok
09:44:44.0461 0280 COMSysApp - ok
09:44:44.0508 0280 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
09:44:44.0523 0280 crcdisk - ok
09:44:44.0554 0280 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
09:44:44.0664 0280 Crusoe - ok
09:44:44.0788 0280 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:44:44.0820 0280 CryptSvc - ok
09:44:44.0929 0280 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
09:44:44.0991 0280 DcomLaunch - ok
09:44:45.0069 0280 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:44:45.0147 0280 DfsC - ok
09:44:45.0397 0280 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
09:44:45.0600 0280 DFSR - ok
09:44:45.0756 0280 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
09:44:45.0834 0280 Dhcp - ok
09:44:45.0896 0280 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
09:44:45.0912 0280 disk - ok
09:44:45.0958 0280 [ F206E28ED74C491FD5D7C0A1119CE37F ] DMICall C:\Windows\system32\DRIVERS\DMICall.sys
09:44:45.0974 0280 DMICall - ok
09:44:46.0021 0280 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:44:46.0068 0280 Dnscache - ok
09:44:46.0146 0280 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
09:44:46.0208 0280 dot3svc - ok
09:44:46.0239 0280 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
09:44:46.0333 0280 DPS - ok
09:44:46.0380 0280 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:44:46.0442 0280 drmkaud - ok
09:44:46.0489 0280 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:44:46.0551 0280 DXGKrnl - ok
09:44:46.0598 0280 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
09:44:46.0707 0280 E1G60 - ok
09:44:46.0785 0280 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
09:44:46.0848 0280 EapHost - ok
09:44:46.0926 0280 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
09:44:46.0941 0280 Ecache - ok
09:44:47.0175 0280 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:44:47.0206 0280 ehRecvr - ok
09:44:47.0284 0280 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
09:44:47.0378 0280 ehSched - ok
09:44:47.0409 0280 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
09:44:47.0456 0280 ehstart - ok
09:44:47.0550 0280 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
09:44:47.0596 0280 elxstor - ok
09:44:47.0659 0280 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
09:44:47.0737 0280 EMDMgmt - ok
09:44:47.0768 0280 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
09:44:47.0815 0280 ErrDev - ok
09:44:47.0877 0280 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
09:44:47.0924 0280 EventSystem - ok
09:44:48.0002 0280 [ BA6063E3375F9BC11A9C8450A7F61E70 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
09:44:48.0064 0280 EvtEng ( UnsignedFile.Multi.Generic ) - warning
09:44:48.0064 0280 EvtEng - detected UnsignedFile.Multi.Generic (1)
09:44:48.0127 0280 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
09:44:48.0174 0280 exfat - ok
09:44:48.0423 0280 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:44:48.0595 0280 fastfat - ok
09:44:48.0673 0280 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
09:44:48.0751 0280 fdc - ok
09:44:48.0938 0280 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
09:44:49.0063 0280 fdPHost - ok
09:44:49.0484 0280 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
09:44:49.0936 0280 FDResPub - ok
09:44:50.0186 0280 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:44:50.0202 0280 FileInfo - ok
09:44:50.0233 0280 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:44:50.0295 0280 Filetrace - ok
09:44:50.0498 0280 [ 1A18EBD87AA9FBF6EFE8CFADA08D0275 ] FirebirdGuardianDefaultInstance C:\Program Files\firebird\firebird_2_5\bin\fbguard.exe
09:44:50.0545 0280 FirebirdGuardianDefaultInstance ( UnsignedFile.Multi.Generic ) - warning
09:44:50.0545 0280 FirebirdGuardianDefaultInstance - detected UnsignedFile.Multi.Generic (1)
09:44:50.0935 0280 [ 53C740150C082AAF3C7D21C1D6A9FF98 ] FirebirdServerDefaultInstance C:\Program Files\firebird\firebird_2_5\bin\fbserver.exe
09:44:52.0074 0280 FirebirdServerDefaultInstance ( UnsignedFile.Multi.Generic ) - warning
09:44:52.0074 0280 FirebirdServerDefaultInstance - detected UnsignedFile.Multi.Generic (1)
09:44:52.0261 0280 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
09:44:52.0339 0280 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
09:44:52.0339 0280 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
09:44:52.0417 0280 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
09:44:52.0495 0280 flpydisk - ok
09:44:52.0557 0280 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:44:52.0588 0280 FltMgr - ok
09:44:52.0698 0280 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
09:44:52.0854 0280 FontCache - ok
09:44:52.0963 0280 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:44:52.0978 0280 FontCache3.0.0.0 - ok
09:44:53.0025 0280 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:44:53.0072 0280 Fs_Rec - ok
09:44:53.0119 0280 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
09:44:53.0150 0280 gagp30kx - ok
09:44:53.0197 0280 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:44:53.0212 0280 GEARAspiWDM - ok
09:44:53.0259 0280 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
09:44:53.0353 0280 gpsvc - ok
09:44:53.0400 0280 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:44:53.0509 0280 HdAudAddService - ok
09:44:53.0571 0280 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
09:44:53.0649 0280 HDAudBus - ok
09:44:53.0712 0280 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
09:44:53.0790 0280 HidBth - ok
09:44:53.0805 0280 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
09:44:53.0883 0280 HidIr - ok
09:44:53.0930 0280 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
09:44:53.0977 0280 hidserv - ok
09:44:54.0008 0280 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:44:54.0070 0280 HidUsb - ok
09:44:54.0133 0280 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:44:54.0180 0280 hkmsvc - ok
09:44:54.0211 0280 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
09:44:54.0242 0280 HpCISSs - ok
09:44:54.0258 0280 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
09:44:54.0304 0280 HSFHWAZL - ok
09:44:54.0601 0280 [ EC36F1D542ED4252390D446BF6D4DFD0 ] HSF_DPV C:\Windows\system32\DRIVERS\VSTDPV3.SYS
09:44:54.0726 0280 HSF_DPV - ok
09:44:54.0772 0280 HSXHWAZL - ok
09:44:54.0835 0280 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:44:54.0913 0280 HTTP - ok
09:44:54.0960 0280 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
09:44:54.0991 0280 i2omp - ok
09:44:55.0022 0280 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
09:44:55.0069 0280 i8042prt - ok
09:44:55.0116 0280 [ DB0CC620B27A928D968C1A1E9CD9CB87 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
09:44:55.0131 0280 iaStor - ok
09:44:55.0256 0280 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
09:44:55.0272 0280 iaStorV - ok
09:44:55.0412 0280 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:44:55.0490 0280 idsvc - ok
09:44:55.0552 0280 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
09:44:55.0568 0280 iirsp - ok
09:44:55.0724 0280 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
09:44:55.0802 0280 IKEEXT - ok
09:44:56.0192 0280 [ 3AA1F82EFA2B0454AF163124C9920D16 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
09:44:56.0488 0280 IntcAzAudAddService - ok
09:44:56.0956 0280 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
09:44:56.0988 0280 intelide - ok
09:44:57.0050 0280 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:44:57.0128 0280 intelppm - ok
09:44:57.0175 0280 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:44:57.0253 0280 IPBusEnum - ok
09:44:57.0409 0280 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:44:57.0487 0280 IpFilterDriver - ok
09:44:57.0799 0280 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:44:57.0861 0280 iphlpsvc - ok
09:44:57.0877 0280 IpInIp - ok
09:44:57.0955 0280 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
09:44:58.0017 0280 IPMIDRV - ok
09:44:58.0048 0280 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
09:44:58.0126 0280 IPNAT - ok
09:44:58.0251 0280 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
09:44:58.0329 0280 iPod Service - ok
09:44:58.0407 0280 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:44:58.0454 0280 IRENUM - ok
09:44:58.0548 0280 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:44:58.0563 0280 isapnp - ok
09:44:58.0626 0280 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
09:44:58.0657 0280 iScsiPrt - ok
09:44:58.0672 0280 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
09:44:58.0704 0280 iteatapi - ok
09:44:58.0828 0280 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
09:44:58.0844 0280 iteraid - ok
09:44:58.0953 0280 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
09:44:58.0969 0280 IviRegMgr - ok
09:44:59.0000 0280 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
09:44:59.0031 0280 kbdclass - ok
09:44:59.0094 0280 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
09:44:59.0156 0280 kbdhid - ok
09:44:59.0218 0280 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
09:44:59.0250 0280 KeyIso - ok
09:44:59.0328 0280 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:44:59.0359 0280 KSecDD - ok
09:44:59.0421 0280 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
09:44:59.0546 0280 KtmRm - ok
09:44:59.0593 0280 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
09:44:59.0655 0280 LanmanServer - ok
09:44:59.0702 0280 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:44:59.0764 0280 LanmanWorkstation - ok
09:44:59.0796 0280 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:44:59.0874 0280 lltdio - ok
09:44:59.0905 0280 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:44:59.0967 0280 lltdsvc - ok
09:44:59.0983 0280 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:45:00.0092 0280 lmhosts - ok
09:45:00.0123 0280 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
09:45:00.0154 0280 LSI_FC - ok
09:45:00.0186 0280 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
09:45:00.0217 0280 LSI_SAS - ok
09:45:00.0232 0280 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
09:45:00.0264 0280 LSI_SCSI - ok
09:45:00.0295 0280 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
09:45:00.0357 0280 luafv - ok
09:45:00.0420 0280 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
09:45:00.0435 0280 MBAMProtector - ok
09:45:00.0622 0280 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
09:45:00.0669 0280 MBAMScheduler - ok
09:45:00.0747 0280 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
09:45:00.0778 0280 MBAMService - ok
09:45:00.0841 0280 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:45:00.0872 0280 Mcx2Svc - ok
09:45:00.0888 0280 mdmxsdk - ok
09:45:00.0919 0280 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
09:45:00.0950 0280 megasas - ok
09:45:00.0981 0280 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
09:45:01.0044 0280 MegaSR - ok
09:45:01.0168 0280 Microsoft SharePoint Workspace Audit Service - ok
09:45:01.0309 0280 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
09:45:01.0356 0280 MMCSS - ok
09:45:01.0387 0280 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
09:45:01.0465 0280 Modem - ok
09:45:01.0527 0280 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:45:01.0590 0280 monitor - ok
09:45:01.0621 0280 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:45:01.0652 0280 mouclass - ok
09:45:01.0683 0280 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:45:01.0746 0280 mouhid - ok
09:45:01.0792 0280 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
09:45:01.0824 0280 MountMgr - ok
09:45:01.0902 0280 [ 3B9398E0146855B1DC0E3D9769C80F01 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:45:01.0917 0280 MozillaMaintenance - ok
09:45:01.0964 0280 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
09:45:01.0995 0280 mpio - ok
09:45:02.0011 0280 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:45:02.0073 0280 mpsdrv - ok
09:45:02.0151 0280 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
09:45:02.0214 0280 MpsSvc - ok
09:45:02.0276 0280 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
09:45:02.0292 0280 Mraid35x - ok
09:45:02.0323 0280 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:45:02.0401 0280 MRxDAV - ok
09:45:02.0448 0280 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:45:02.0479 0280 mrxsmb - ok
09:45:02.0526 0280 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:45:02.0572 0280 mrxsmb10 - ok
09:45:02.0604 0280 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:45:02.0650 0280 mrxsmb20 - ok
09:45:02.0697 0280 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
09:45:02.0713 0280 msahci - ok
09:45:02.0744 0280 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:45:02.0775 0280 msdsm - ok
09:45:02.0822 0280 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
09:45:02.0869 0280 MSDTC - ok
09:45:02.0900 0280 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:45:02.0962 0280 Msfs - ok
09:45:03.0025 0280 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:45:03.0040 0280 msisadrv - ok
09:45:03.0072 0280 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:45:03.0134 0280 MSiSCSI - ok
09:45:03.0134 0280 msiserver - ok
09:45:03.0165 0280 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:45:03.0243 0280 MSKSSRV - ok
09:45:03.0274 0280 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:45:03.0321 0280 MSPCLOCK - ok
09:45:03.0337 0280 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:45:03.0384 0280 MSPQM - ok
09:45:03.0555 0280 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:45:03.0586 0280 MsRPC - ok
09:45:03.0664 0280 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
09:45:03.0680 0280 mssmbios - ok
09:45:03.0711 0280 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:45:03.0774 0280 MSTEE - ok
09:45:03.0883 0280 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
09:45:03.0898 0280 Mup - ok
09:45:03.0961 0280 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
09:45:04.0070 0280 napagent - ok
09:45:04.0132 0280 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:45:04.0226 0280 NativeWifiP - ok
09:45:04.0382 0280 [ 1BBBF640BC0E0B750537BAECE8D66C18 ] NAUpdate C:\Program Files\Nero\Update\NASvc.exe
09:45:04.0429 0280 NAUpdate - ok
09:45:04.0476 0280 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:45:04.0507 0280 NDIS - ok
09:45:04.0554 0280 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:45:04.0600 0280 NdisTapi - ok
09:45:04.0632 0280 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:45:04.0694 0280 Ndisuio - ok
09:45:04.0725 0280 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:45:04.0772 0280 NdisWan - ok
09:45:04.0850 0280 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:45:04.0897 0280 NDProxy - ok
09:45:04.0959 0280 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
09:45:04.0959 0280 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
09:45:04.0959 0280 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
09:45:05.0006 0280 [ 1352E1648213551923A0A822E441553C ] Netaapl C:\Windows\system32\DRIVERS\netaapl.sys
09:45:05.0037 0280 Netaapl - ok
09:45:05.0084 0280 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:45:05.0146 0280 NetBIOS - ok
09:45:05.0240 0280 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
09:45:05.0318 0280 netbt - ok
09:45:05.0349 0280 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
09:45:05.0380 0280 Netlogon - ok
09:45:05.0427 0280 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
09:45:05.0490 0280 Netman - ok
09:45:05.0521 0280 [ E8B9164DA7701C1E595647C3A3AFA766 ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:45:05.0568 0280 NetMsmqActivator - ok
09:45:05.0568 0280 [ E8B9164DA7701C1E595647C3A3AFA766 ] NetPipeActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:45:05.0599 0280 NetPipeActivator - ok
09:45:05.0630 0280 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
09:45:05.0677 0280 netprofm - ok
09:45:05.0692 0280 [ E8B9164DA7701C1E595647C3A3AFA766 ] NetTcpActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:45:05.0724 0280 NetTcpActivator - ok
09:45:05.0724 0280 [ E8B9164DA7701C1E595647C3A3AFA766 ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:45:05.0755 0280 NetTcpPortSharing - ok
09:45:05.0911 0280 [ BA420E8EBFCAD35581FE8E4C64F71469 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
09:45:06.0160 0280 NETw5v32 - ok
09:45:06.0238 0280 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
09:45:06.0270 0280 nfrd960 - ok
09:45:06.0316 0280 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:45:06.0363 0280 NlaSvc - ok
09:45:06.0426 0280 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:45:06.0472 0280 Npfs - ok
09:45:06.0582 0280 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
09:45:06.0675 0280 nsi - ok
09:45:06.0738 0280 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:45:06.0784 0280 nsiproxy - ok
09:45:07.0081 0280 [ 276BFF84AD77DD23E1085E191F5A591F ] NSUService C:\Program Files\sony\Network Utility\NSUService.exe
09:45:07.0128 0280 NSUService ( UnsignedFile.Multi.Generic ) - warning
09:45:07.0128 0280 NSUService - detected UnsignedFile.Multi.Generic (1)
09:45:07.0346 0280 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:45:07.0455 0280 Ntfs - ok
09:45:07.0486 0280 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
09:45:07.0564 0280 ntrigdigi - ok
09:45:07.0596 0280 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
09:45:07.0642 0280 Null - ok
09:45:07.0705 0280 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:45:07.0720 0280 nvraid - ok
09:45:07.0861 0280 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:45:07.0876 0280 nvstor - ok
09:45:07.0970 0280 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:45:08.0001 0280 nv_agp - ok
09:45:08.0017 0280 NwlnkFlt - ok
09:45:08.0017 0280 NwlnkFwd - ok
09:45:08.0048 0280 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
09:45:08.0126 0280 ohci1394 - ok
09:45:08.0407 0280 [ A2FF28F46E52911D4B7A32EBA5AE64BB ] OpenVPNService C:\Program Files\FH-Aachen OpenVPN\bin\openvpnserv.exe
09:45:08.0422 0280 OpenVPNService ( UnsignedFile.Multi.Generic ) - warning
09:45:08.0422 0280 OpenVPNService - detected UnsignedFile.Multi.Generic (1)
09:45:08.0594 0280 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:45:08.0641 0280 ose - ok
09:45:09.0187 0280 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:45:09.0592 0280 osppsvc - ok
09:45:09.0639 0280 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
09:45:09.0733 0280 p2pimsvc - ok
09:45:09.0748 0280 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
09:45:09.0795 0280 p2psvc - ok
09:45:09.0873 0280 [ B8040C5C1FC1FBBBE5C78CB9EDA343EC ] PACSPTISVR C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
09:45:09.0889 0280 PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning
09:45:09.0889 0280 PACSPTISVR - detected UnsignedFile.Multi.Generic (1)
09:45:09.0936 0280 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
09:45:10.0014 0280 Parport - ok
09:45:10.0060 0280 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:45:10.0092 0280 partmgr - ok
09:45:10.0123 0280 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
09:45:10.0232 0280 Parvdm - ok
09:45:10.0263 0280 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
09:45:10.0294 0280 PcaSvc - ok
09:45:10.0326 0280 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
09:45:10.0357 0280 pci - ok
09:45:10.0388 0280 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
09:45:10.0419 0280 pciide - ok
09:45:10.0435 0280 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
09:45:10.0466 0280 pcmcia - ok
09:45:10.0513 0280 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:45:10.0606 0280 PEAUTH - ok
09:45:10.0700 0280 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
09:45:10.0856 0280 pla - ok
09:45:10.0887 0280 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:45:10.0950 0280 PlugPlay - ok
09:45:10.0981 0280 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
09:45:10.0996 0280 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
09:45:10.0996 0280 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
09:45:11.0028 0280 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
09:45:11.0106 0280 PNRPAutoReg - ok
09:45:11.0121 0280 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
09:45:11.0199 0280 PNRPsvc - ok
09:45:11.0262 0280 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:45:11.0308 0280 PolicyAgent - ok
09:45:11.0402 0280 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:45:11.0511 0280 PptpMiniport - ok
09:45:11.0527 0280 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
09:45:11.0605 0280 Processor - ok
09:45:11.0653 0280 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
09:45:11.0699 0280 ProfSvc - ok
09:45:11.0731 0280 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
09:45:11.0809 0280 ProtectedStorage - ok
09:45:11.0871 0280 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
09:45:11.0918 0280 PSched - ok
09:45:11.0996 0280 [ 40FEDD328F98245AD201CF5F9F311724 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
09:45:12.0011 0280 PxHelp20 - ok
09:45:12.0121 0280 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
09:45:12.0199 0280 ql2300 - ok
09:45:12.0245 0280 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
09:45:12.0277 0280 ql40xx - ok
09:45:12.0308 0280 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
09:45:12.0355 0280 QWAVE - ok
09:45:12.0386 0280 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:45:12.0417 0280 QWAVEdrv - ok
09:45:12.0448 0280 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:45:12.0526 0280 RasAcd - ok
09:45:12.0620 0280 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
09:45:12.0713 0280 RasAuto - ok
09:45:12.0745 0280 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:45:13.0384 0280 Rasl2tp - ok
09:45:13.0743 0280 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
09:45:13.0837 0280 RasMan - ok
09:45:13.0915 0280 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:45:13.0993 0280 RasPppoe - ok
09:45:14.0024 0280 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:45:14.0071 0280 RasSstp - ok
09:45:14.0133 0280 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:45:14.0164 0280 rdbss - ok
09:45:14.0258 0280 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:45:14.0336 0280 RDPCDD - ok
09:45:14.0398 0280 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
09:45:14.0461 0280 rdpdr - ok
09:45:14.0476 0280 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:45:14.0523 0280 RDPENCDD - ok
09:45:14.0695 0280 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:45:14.0741 0280 RDPWD - ok
09:45:14.0773 0280 [ 001B4278407F4303EFC902A2B16F2453 ] regi C:\Windows\system32\drivers\regi.sys
09:45:14.0788 0280 regi - ok
09:45:14.0960 0280 [ 7EEEEC28A34516E66137F355DCC15BDB ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
09:45:15.0038 0280 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
09:45:15.0038 0280 RegSrvc - detected UnsignedFile.Multi.Generic (1)
09:45:15.0147 0280 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
09:45:15.0194 0280 RemoteAccess - ok
09:45:15.0272 0280 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:45:15.0303 0280 RemoteRegistry - ok
09:45:15.0365 0280 [ F7D9ECF41EBD3CF6C65944368150F66B ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
09:45:15.0412 0280 rimsptsk - ok
09:45:15.0459 0280 [ 1BE6C42767A7C67BA31AE32B293B37A3 ] risdptsk C:\Windows\system32\DRIVERS\risdptsk.sys
09:45:15.0506 0280 risdptsk - ok
09:45:15.0553 0280 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
09:45:15.0599 0280 RpcLocator - ok
09:45:15.0646 0280 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\System32\rpcss.dll
09:45:15.0693 0280 RpcSs - ok
09:45:15.0740 0280 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:45:15.0849 0280 rspndr - ok
09:45:15.0865 0280 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
09:45:15.0896 0280 SamSs - ok
09:45:15.0927 0280 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:45:15.0943 0280 sbp2port - ok
09:45:15.0989 0280 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:45:16.0036 0280 SCardSvr - ok
09:45:16.0192 0280 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
09:45:16.0348 0280 Schedule - ok
09:45:16.0426 0280 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
09:45:16.0457 0280 SCPolicySvc - ok
09:45:16.0520 0280 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
09:45:16.0598 0280 sdbus - ok
09:45:16.0676 0280 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:45:16.0723 0280 SDRSVC - ok
09:45:16.0769 0280 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:45:16.0879 0280 secdrv - ok
09:45:16.0941 0280 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
09:45:16.0988 0280 seclogon - ok
09:45:17.0019 0280 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
09:45:17.0081 0280 SENS - ok
09:45:17.0128 0280 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
09:45:17.0237 0280 Serenum - ok
09:45:17.0269 0280 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
09:45:17.0362 0280 Serial - ok
09:45:17.0393 0280 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
09:45:17.0440 0280 sermouse - ok
09:45:17.0518 0280 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
09:45:17.0565 0280 SessionEnv - ok
09:45:17.0643 0280 [ 8B7C1768D2CDE2E02E09A66563DDFD16 ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys
09:45:17.0690 0280 SFEP - ok
09:45:17.0721 0280 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:45:17.0783 0280 sffdisk - ok
09:45:17.0799 0280 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:45:17.0846 0280 sffp_mmc - ok
09:45:17.0861 0280 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:45:17.0939 0280 sffp_sd - ok
09:45:17.0971 0280 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
09:45:18.0033 0280 sfloppy - ok
09:45:18.0142 0280 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:45:18.0236 0280 SharedAccess - ok
09:45:18.0329 0280 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:45:18.0361 0280 ShellHWDetection - ok
09:45:18.0407 0280 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
09:45:18.0439 0280 sisagp - ok
09:45:18.0470 0280 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
09:45:18.0485 0280 SiSRaid2 - ok
09:45:18.0532 0280 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
09:45:18.0548 0280 SiSRaid4 - ok
09:45:18.0797 0280 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
09:45:19.0250 0280 slsvc - ok
09:45:19.0515 0280 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
09:45:19.0609 0280 SLUINotify - ok
09:45:19.0702 0280 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:45:19.0733 0280 Smb - ok
09:45:19.0827 0280 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:45:19.0874 0280 SNMPTRAP - ok
09:45:20.0513 0280 [ 7B24EFA2A60BA7388FECDA63AB24560A ] SOHCImp C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe
09:45:20.0529 0280 SOHCImp - ok
09:45:20.0607 0280 [ 140FCF5FFAE4EFBA9740A9FD8B49E0BF ] SOHDBSvr C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
09:45:20.0623 0280 SOHDBSvr - ok
09:45:20.0669 0280 [ D8C244121A06B581B097D9617D94CFF1 ] SOHDms C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe
09:45:20.0701 0280 SOHDms - ok
09:45:20.0732 0280 [ 2DB561887EA122B946BBE2821473EDD8 ] SOHDs C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe
09:45:20.0747 0280 SOHDs - ok
09:45:20.0810 0280 [ AB9EE246A1EB2C3C7C6CB16E0B9462F7 ] SOHPlMgr C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
09:45:20.0825 0280 SOHPlMgr - ok
09:45:20.0872 0280 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
09:45:20.0888 0280 spldr - ok
09:45:21.0059 0280 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
09:45:21.0091 0280 Spooler - ok
09:45:21.0231 0280 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\Windows\system32\Drivers\sptd.sys
09:45:21.0231 0280 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
09:45:21.0247 0280 sptd ( LockedFile.Multi.Generic ) - warning
09:45:21.0247 0280 sptd - detected LockedFile.Multi.Generic (1)
09:45:21.0309 0280 [ 8831252BCF05FCFB5ABD116A22E552D8 ] sp_rsdrv2 C:\Windows\system32\drivers\sp_rsdrv2.sys
09:45:21.0356 0280 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - warning
09:45:21.0356 0280 sp_rsdrv2 - detected UnsignedFile.Multi.Generic (1)
09:45:21.0465 0280 [ 4A4A857713740E1564F0B7623493AF06 ] sp_rssrv C:\Program Files\Spyware Terminator\sp_rsser.exe
09:45:21.0543 0280 sp_rssrv ( UnsignedFile.Multi.Generic ) - warning
09:45:21.0543 0280 sp_rssrv - detected UnsignedFile.Multi.Generic (1)
09:45:21.0730 0280 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
09:45:21.0808 0280 srv - ok
09:45:22.0120 0280 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:45:22.0229 0280 srv2 - ok
09:45:22.0245 0280 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:45:22.0276 0280 srvnet - ok
09:45:22.0401 0280 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:45:22.0463 0280 SSDPSRV - ok
09:45:22.0510 0280 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:45:22.0557 0280 SstpSvc - ok
09:45:22.0619 0280 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
09:45:22.0682 0280 stisvc - ok
09:45:22.0744 0280 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
09:45:22.0775 0280 swenum - ok
09:45:22.0807 0280 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
09:45:22.0885 0280 swprv - ok
09:45:22.0900 0280 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
09:45:22.0916 0280 Symc8xx - ok
09:45:22.0963 0280 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
09:45:22.0994 0280 Sym_hi - ok
09:45:23.0009 0280 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
09:45:23.0025 0280 Sym_u3 - ok
09:45:23.0072 0280 [ 99DA94793332AADBB17BBB521AE56E21 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
09:45:23.0103 0280 SynTP - ok
09:45:23.0165 0280 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
09:45:23.0243 0280 SysMain - ok
09:45:23.0306 0280 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:45:23.0368 0280 TabletInputService - ok
09:45:23.0415 0280 [ 98A1E6BC9F766B0B0A5BF00AF847EF20 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
09:45:23.0446 0280 tap0901 - ok
09:45:23.0540 0280 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
09:45:23.0571 0280 TapiSrv - ok
09:45:23.0633 0280 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
09:45:23.0680 0280 TBS - ok
09:45:23.0836 0280 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:45:23.0945 0280 Tcpip - ok
09:45:24.0023 0280 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
09:45:24.0070 0280 Tcpip6 - ok
09:45:24.0117 0280 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:45:24.0148 0280 tcpipreg - ok
09:45:24.0195 0280 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:45:24.0242 0280 TDPIPE - ok
09:45:24.0273 0280 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:45:24.0320 0280 TDTCP - ok
09:45:24.0367 0280 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:45:24.0413 0280 tdx - ok
09:45:24.0601 0280 [ 8A9828975A857E477EFEF5A61BA45AC0 ] TeamViewer6 C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
09:45:24.0725 0280 TeamViewer6 - ok
09:45:24.0757 0280 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
09:45:24.0772 0280 TermDD - ok
09:45:24.0819 0280 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
09:45:24.0913 0280 TermService - ok
09:45:24.0944 0280 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
09:45:24.0975 0280 Themes - ok
09:45:25.0006 0280 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
09:45:25.0053 0280 THREADORDER - ok
09:45:25.0115 0280 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
09:45:25.0193 0280 TrkWks - ok
09:45:25.0271 0280 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:45:25.0334 0280 TrustedInstaller - ok
09:45:25.0412 0280 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:45:25.0459 0280 tssecsrv - ok
09:45:25.0615 0280 [ 60C6AC47323C81712896C5C8C7974DD1 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
09:45:25.0724 0280 TuneUp.UtilitiesSvc - ok
09:45:25.0786 0280 [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
09:45:25.0849 0280 TuneUpUtilitiesDrv - ok
09:45:25.0895 0280 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
09:45:25.0989 0280 tunmp - ok
09:45:26.0083 0280 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:45:26.0129 0280 tunnel - ok
09:45:26.0270 0280 [ 3338B908F6383053D956229A1EB2F6A3 ] tvnserver C:\Program Files\TightVNC\tvnserver.exe
09:45:26.0332 0280 tvnserver - ok
09:45:26.0363 0280 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
09:45:26.0395 0280 uagp35 - ok
09:45:26.0441 0280 [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
09:45:26.0457 0280 uCamMonitor - ok
09:45:26.0738 0280 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:45:26.0816 0280 udfs - ok
09:45:27.0346 0280 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:45:27.0549 0280 UI0Detect - ok
09:45:27.0565 0280 UIUSys - ok
09:45:27.0861 0280 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:45:27.0877 0280 uliagpkx - ok
09:45:28.0298 0280 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
09:45:28.0329 0280 uliahci - ok
09:45:28.0454 0280 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
09:45:28.0469 0280 UlSata - ok
09:45:28.0563 0280 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
09:45:28.0579 0280 ulsata2 - ok
09:45:28.0625 0280 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
09:45:28.0657 0280 umbus - ok
09:45:28.0875 0280 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
09:45:28.0937 0280 upnphost - ok
09:45:29.0000 0280 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
09:45:29.0047 0280 USBAAPL - ok
09:45:29.0109 0280 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
09:45:29.0187 0280 usbaudio - ok
09:45:29.0234 0280 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:45:29.0296 0280 usbccgp - ok
09:45:29.0515 0280 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:45:29.0671 0280 usbcir - ok
09:45:29.0780 0280 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
09:45:29.0811 0280 usbehci - ok
09:45:29.0936 0280 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:45:30.0014 0280 usbhub - ok
09:45:30.0029 0280 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
09:45:30.0107 0280 usbohci - ok
09:45:30.0185 0280 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:45:30.0248 0280 usbprint - ok
09:45:30.0341 0280 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
09:45:30.0388 0280 usbscan - ok
09:45:30.0451 0280 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:45:30.0482 0280 USBSTOR - ok
09:45:30.0513 0280 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
09:45:30.0575 0280 usbuhci - ok
09:45:30.0638 0280 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
09:45:30.0685 0280 usbvideo - ok
09:45:30.0716 0280 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
09:45:30.0747 0280 UxSms - ok
09:45:30.0887 0280 [ 4E7135D6D0127067E4CFEE12259F895D ] VAIO Entertainment TV Device Arbitration Service C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
09:45:30.0919 0280 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
09:45:30.0919 0280 VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
09:45:31.0137 0280 [ 73328C784ECFE7072BD102F370076B50 ] VAIO Event Service C:\Program Files\sony\VAIO Event Service\VESMgr.exe
09:45:31.0153 0280 VAIO Event Service - ok
09:45:31.0340 0280 [ 45A9AE4768840830D0239B52DFDC806A ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
09:45:31.0371 0280 VAIO Power Management - ok
09:45:31.0465 0280 [ 85BE2230CFEF3FB299358E45A33F29A9 ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
09:45:31.0496 0280 VBoxNetAdp - ok
09:45:31.0527 0280 VBoxNetFlt - ok
09:45:31.0730 0280 [ 0ED1D51DCEC67F96CC313D02A1741CF3 ] VCFw C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
09:45:32.0557 0280 VCFw - ok
09:45:32.0650 0280 [ 7295A2B5795E7B8AA128E5DF5A29B656 ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
09:45:32.0681 0280 VcmIAlzMgr - ok
09:45:32.0744 0280 [ 69C36D2A7B2169C336D9CE193C9B655E ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
09:45:32.0759 0280 VcmXmlIfHelper - ok
09:45:32.0775 0280 Vcsw - ok
09:45:32.0822 0280 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
09:45:32.0884 0280 vds - ok
09:45:32.0931 0280 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:45:32.0993 0280 vga - ok
09:45:33.0009 0280 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
09:45:33.0056 0280 VgaSave - ok
09:45:33.0227 0280 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
09:45:33.0259 0280 viaagp - ok
09:45:33.0617 0280 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
09:45:33.0680 0280 ViaC7 - ok
09:45:33.0727 0280 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
09:45:33.0758 0280 viaide - ok
09:45:33.0789 0280 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:45:33.0820 0280 volmgr - ok
09:45:34.0241 0280 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:45:34.0273 0280 volmgrx - ok
09:45:34.0335 0280 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:45:34.0366 0280 volsnap - ok
09:45:34.0413 0280 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
09:45:34.0429 0280 vsmraid - ok
09:45:34.0585 0280 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
09:45:34.0678 0280 VSS - ok
09:45:34.0819 0280 [ 79EB419F4A694B4514249E0D3DB16ECF ] VzCdbSvc C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
09:45:34.0850 0280 VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning
09:45:34.0850 0280 VzCdbSvc - detected UnsignedFile.Multi.Generic (1)
09:45:34.0990 0280 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
09:45:35.0037 0280 W32Time - ok
09:45:35.0099 0280 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
09:45:35.0193 0280 WacomPen - ok
09:45:35.0240 0280 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
09:45:35.0302 0280 Wanarp - ok
09:45:35.0302 0280 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:45:35.0333 0280 Wanarpv6 - ok
09:45:35.0396 0280 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:45:35.0489 0280 wcncsvc - ok
09:45:35.0567 0280 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:45:35.0614 0280 WcsPlugInService - ok
09:45:35.0661 0280 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
09:45:35.0692 0280 Wd - ok
09:45:35.0801 0280 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:45:35.0848 0280 Wdf01000 - ok
09:45:35.0864 0280 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:45:35.0957 0280 WdiServiceHost - ok
09:45:35.0957 0280 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:45:36.0020 0280 WdiSystemHost - ok
09:45:36.0067 0280 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
09:45:36.0113 0280 WebClient - ok
09:45:36.0145 0280 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:45:36.0191 0280 Wecsvc - ok
09:45:36.0238 0280 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:45:36.0285 0280 wercplsupport - ok
09:45:36.0347 0280 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
09:45:36.0394 0280 WerSvc - ok
09:45:36.0425 0280 [ 090A2B8F055343815556A01F725F6C35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
09:45:36.0441 0280 WimFltr - ok
09:45:36.0550 0280 [ 5C7BDCF5864DB00323FE2D90FA26A8A2 ] winachsf C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
09:45:36.0628 0280 winachsf - ok
09:45:36.0831 0280 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
09:45:36.0862 0280 WinDefend - ok
09:45:36.0878 0280 WinHttpAutoProxySvc - ok
09:45:36.0971 0280 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:45:37.0018 0280 Winmgmt - ok
09:45:37.0081 0280 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
09:45:37.0143 0280 WinRM - ok
09:45:37.0221 0280 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
09:45:37.0315 0280 Wlansvc - ok
09:45:37.0689 0280 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:45:37.0939 0280 wlidsvc - ok
09:45:38.0001 0280 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
09:45:38.0079 0280 WmiAcpi - ok
09:45:38.0141 0280 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:45:38.0235 0280 wmiApSrv - ok
09:45:38.0313 0280 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
09:45:38.0375 0280 WMPNetworkSvc - ok
09:45:38.0438 0280 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:45:38.0469 0280 WPCSvc - ok
09:45:38.0500 0280 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:45:38.0594 0280 WPDBusEnum - ok
09:45:38.0625 0280 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
09:45:38.0672 0280 WpdUsb - ok
09:45:38.0843 0280 [ 762CD41257671CE9DD1B57967537E0D9 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:45:38.0906 0280 WPFFontCache_v0400 - ok
09:45:38.0937 0280 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:45:38.0984 0280 ws2ifsl - ok
09:45:39.0031 0280 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
09:45:39.0062 0280 wscsvc - ok
09:45:39.0077 0280 WSearch - ok
09:45:39.0296 0280 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
09:45:39.0405 0280 wuauserv - ok
09:45:39.0467 0280 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:45:39.0530 0280 WUDFRd - ok
09:45:39.0561 0280 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:45:39.0623 0280 wudfsvc - ok
09:45:39.0655 0280 [ 7D4CCA3659FA0780603206E3D12A993F ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
09:45:39.0686 0280 yukonwlh - ok
09:45:39.0717 0280 ================ Scan global ===============================
09:45:39.0795 0280 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
09:45:39.0857 0280 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
09:45:39.0873 0280 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
09:45:39.0935 0280 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
09:45:39.0935 0280 [Global] - ok
09:45:39.0935 0280 ================ Scan MBR ==================================
09:45:39.0951 0280 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
09:45:40.0840 0280 \Device\Harddisk0\DR0 - ok
09:45:40.0840 0280 ================ Scan VBR ==================================
09:45:40.0871 0280 [ 208F56093C77D878712EC462D2CB393A ] \Device\Harddisk0\DR0\Partition1
09:45:40.0887 0280 \Device\Harddisk0\DR0\Partition1 - ok
09:45:40.0887 0280 ============================================================
09:45:40.0887 0280 Scan finished
09:45:40.0887 0280 ============================================================
09:45:40.0887 4792 Detected object count: 18
09:45:40.0887 4792 Actual detected object count: 18
09:48:01.0524 4792 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
09:48:01.0524 4792 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
09:48:01.0524 4792 BoxSyncUpdateService ( UnsignedFile.Multi.Generic ) - skipped by user
09:48:01.0524 4792 BoxSyncUpdateService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:48:01.0524 4792 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
09:48:01.0524 4792 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:48:01.0524 4792 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
09:48:01.0524 4792 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:48:01.0524 4792 FirebirdGuardianDefaultInstance ( UnsignedFile.Multi.Generic ) - skipped by user
09:48:01.0524 4792 FirebirdGuardianDefaultInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:48:01.0524 4792 FirebirdServerDefaultInstance ( UnsignedFile.Multi.Generic ) - skipped by user
09:48:01.0524 4792 FirebirdServerDefaultInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:48:01.0540 4792 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:48:01.0540 4792 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:48:01.0540 4792 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
09:48:01.0540 4792 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:48:01.0540 4792 NSUService ( UnsignedFile.Multi.Generic ) - skipped by user
09:48:01.0540 4792 NSUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:48:01.0540 4792 OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
09:48:01.0540 4792 OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:48:01.0540 4792 PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
09:48:01.0540 4792 PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:48:01.0555 4792 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
09:48:01.0555 4792 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:48:01.0555 4792 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:48:01.0555 4792 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:48:01.0555 4792 sptd ( LockedFile.Multi.Generic ) - skipped by user
09:48:01.0555 4792 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
09:48:01.0555 4792 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - skipped by user
09:48:01.0555 4792 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:48:01.0555 4792 sp_rssrv ( UnsignedFile.Multi.Generic ) - skipped by user
09:48:01.0555 4792 sp_rssrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:48:01.0555 4792 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:48:01.0555 4792 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:48:01.0571 4792 VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:48:01.0571 4792 VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
Database version: v2014.02.05.03
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Leo :: LEO-PC [administrator]
05.02.2014 09:59:38
mbar-log-2014-02-05 (09-59-38).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 236339
Time elapsed: 1 hour(s), 11 minute(s), 10 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Updater (Trojan.Agent) -> Data: C:\ProgramData\Updater\updater.exe -> Delete on reboot.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\ProgramData\Updater\updater.exe (Trojan.Agent) -> Delete on reboot.
Physical Sectors Detected: 0
(No malicious items detected)
(end)
|
|
05.02.2014, 12:57
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Open Candy Virus, CPU-Auslastung 100 % Neuen Lauf mit mBAR gemacht?
__________________
__________________ |
|
05.02.2014, 13:14
| #19 |
| | Open Candy Virus, CPU-Auslastung 100 % Ja aber der war clean Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
Database version: v2014.02.05.04
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Leo :: LEO-PC [administrator]
05.02.2014 11:21:26
mbar-log-2014-02-05 (11-21-26).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 237320
Time elapsed: 57 minute(s), 59 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
|
|
05.02.2014, 13:18
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Open Candy Virus, CPU-Auslastung 100 % Adware/Junkware/Toolbars entfernen 1. Schritt: adwCleaner Downloade Dir bitte  AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
3. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.02.2014, 14:02
| #21 |
| | Open Candy Virus, CPU-Auslastung 100 % Beim FRST wurde diesmal keine Addition.txt erzeugt Code:
ATTFilter # AdwCleaner v3.018 - Bericht erstellt am 05/02/2014 um 13:36:30
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Leo - LEO-PC
# Gestartet von : C:\Users\Leo\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gelöscht : C:\Users\Leo\AppData\Roaming\Mozilla\Firefox\Profiles\qrj3x8j2.default-1389906449841\foxydeal.sqlite
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DynConIE
***** [ Browser ] *****
-\\ Internet Explorer v7.0.6002.18005
-\\ Mozilla Firefox v26.0 (de)
[ Datei : C:\Users\Leo\AppData\Roaming\Mozilla\Firefox\Profiles\jz4xn86k.default\prefs.js ]
[ Datei : C:\Users\Leo\AppData\Roaming\Mozilla\Firefox\Profiles\qrj3x8j2.default-1389906449841\prefs.js ]
*************************
AdwCleaner[R0].txt - [17396 octets] - [04/02/2014 12:58:11]
AdwCleaner[R1].txt - [1217 octets] - [05/02/2014 13:25:16]
AdwCleaner[S0].txt - [17482 octets] - [04/02/2014 13:03:50]
AdwCleaner[S1].txt - [1138 octets] - [05/02/2014 13:36:30]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1198 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Leo on 05.02.2014 at 13:43:48,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Program Files\atdhenettvapp.com"
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{04457256-ADC2-48C6-A8E5-D37052124D57}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{05C5BE6F-C601-47D1-96DF-6C22C5F146E2}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{0B19E865-3E97-4432-A4CD-AF32F24E9D40}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{0E80969F-612D-40A2-BB9B-AF2BE92B01C5}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{0EE0870D-7614-4050-A2BF-38972651F7E6}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{10237439-4E7D-44E3-98C4-59C6EA9A3A66}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{148794E3-C06C-454F-8B4B-A07EAC232566}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{1A0016B9-39C3-43DE-8B79-265545A3FC0E}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{1BF7A308-2479-4E62-A3C9-F173210F3B81}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{1FC0BC02-60DF-4B21-BF2E-76F730896EB8}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{24CD8AE1-5251-4B5B-99F6-5C76120F364F}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{2871C54A-7286-4BB1-9A9E-6D5D27926CFD}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{2AAC1C0C-5EF5-46CF-B42D-D6C1B1DF4158}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{2CEAF146-6D7E-466F-BF84-298870AA3927}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{31C6A041-E007-49B5-A314-4E30A2F0A56E}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{32652984-884F-4C1C-896E-16DE46B7E5F5}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{39FECC22-8DCB-42D0-AEB6-757B4D816C9B}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{3A79B9EE-6A55-4629-9E2E-7918ADFCE40D}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{5A58D399-52C8-42BB-BB48-3B375FD15B59}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{66C6BC23-2F8A-4A8E-B6A9-51B55775AD9F}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{6E0B81EA-56B1-4183-942C-10EC5D541C7B}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{6F5FB1CB-B202-43BE-A00A-DCD87C728D57}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{6FCB410D-6456-4D6E-92F6-5CC3BCAA09CB}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{738B09B2-0EE4-4DFD-BA3E-EFFB66EA2415}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{7D93A54A-58B6-41F3-AF2E-3577ED56FD99}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{8209673C-A299-4D22-9FC2-DE0895274C4D}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{8E409C26-E2A7-41E2-BCA0-143ECD0AC436}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{90DB6F6A-D997-4FD2-926C-5CC076C22269}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{9895D1D2-09E5-4679-8F8C-C2D6DDF3E56C}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{994E2C9F-61A8-4B50-B37E-601E7730312F}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{9E50CD8B-4C08-4EF6-8AC1-12A04CC8A972}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{A0BC4CEB-9AB8-4D18-B234-0D88467D6E1B}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{A6521ADA-E082-4D9B-B17C-6EACE3FB4C87}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{AAC733A1-C87D-4F73-BFF4-D7D42905CB84}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{ABD3F5F2-E3B5-4A58-9EF5-60F8AE4501FE}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{B11BDF1F-8942-419C-A3F2-B63B8D4B2114}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{B8C6A3AC-C11C-40DA-BCD2-09F9BE714480}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{C104AC19-7E3E-4215-B4CE-E0DBC9FDE4E0}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{C4E40644-6BE9-43C7-9E45-6C91764E9C8F}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{C877CC63-2EF1-4435-B359-FE7DFA7D8FAB}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{C8ED9884-6BA9-48B0-AF1B-AE75C6E786F5}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{CCE4493C-82B6-423D-A544-ACF5A248A69A}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{CFF96481-D539-45CA-9094-90D82BAE1895}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{D4C17716-0564-4BC0-99A5-E18E12FB6555}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{D9F970A2-7A63-4058-8AA6-C28BA2DD8610}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{DD77EDFC-E4D2-42D2-92FC-19ABF4E0E3F9}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{E095D912-AFCC-4588-A151-E1AFAB6961C0}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{EE3B994B-A185-4497-A7A8-45C6F0D694C1}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{EECED61D-6235-4C37-B512-8F0B98DE2A8D}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{EF432F67-D914-48D4-BDFB-68830F18B326}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{F3E17055-40FF-4FA9-8EF1-0C3D40537F53}
Successfully deleted: [Empty Folder] C:\Users\Leo\appdata\local\{F6CE8C3D-9289-4FD7-A232-C916FB57133C}
~~~ FireFox
Emptied folder: C:\Users\Leo\AppData\Roaming\mozilla\firefox\profiles\qrj3x8j2.default-1389906449841\minidumps [3 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.02.2014 at 13:50:30,92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-02-2014
Ran by Leo (administrator) on LEO-PC on 05-02-2014 13:55:38
Running from C:\Users\Leo\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
() C:\Users\Leo\AppData\Roaming\ACEStream\engine\ace_engine.exe
(Firebird Project) C:\Program Files\firebird\firebird_2_5\bin\fbguard.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Sony Corporation) C:\Program Files\sony\Network Utility\NSUService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Crawler.com) C:\Program Files\Spyware Terminator\sp_rsser.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Sony Corporation) C:\Program Files\sony\VAIO Power Management\SPMgr.exe
(Firebird Project) C:\Program Files\firebird\firebird_2_5\bin\fbserver.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Users\Leo\AppData\Roaming\ACEStream\updater\ace_update.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6703648 2009-01-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [835584 2007-03-10] (Synaptics, Inc.)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-01-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] - c:\program files\real\realplayer\Update\realsched.exe [296056 2012-04-17] (RealNetworks, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM\...\Run: [tvncontrol] - C:\Program Files\TightVNC\tvnserver.exe [1184312 2012-06-26] (GlavSoft LLC.)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3764024 2014-01-10] (AVAST Software)
HKLM\...\Run: [BoxSync] - c:\Program Files\Box\Box Sync\BoxSync.exe [12161792 2014-01-31] (Box, Inc.)
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
HKU\S-1-5-21-1817804245-3613531340-1062189964-1000\...\Run: [OfficeSyncProcess] - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [719672 2012-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1817804245-3613531340-1062189964-1000\...\Run: [ACEStream] - C:\Users\Leo\AppData\Roaming\ACEStream\engine\ace_engine.exe [27904 2014-01-28] ()
HKU\S-1-5-21-1817804245-3613531340-1062189964-1000\...\Run: [Wisdom-soft AutoScreenRecorder 3.1 Free] - 0
Startup: C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Leo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {697394D2-244D-45CF-A7E5-3EAFEDC4E0F1} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
SearchScopes: HKLM - {7BAF1695-2E86-4067-A524-F7EBF757F853} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT
SearchScopes: HKCU - {697394D2-244D-45CF-A7E5-3EAFEDC4E0F1} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
SearchScopes: HKCU - {7BAF1695-2E86-4067-A524-F7EBF757F853} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT_de
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} hxxp://www.vexcast.com/download/vexcast.cab
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Leo\AppData\Roaming\Mozilla\Firefox\Profiles\qrj3x8j2.default-1389906449841
FF Homepage: hxxp://www.manutd.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.2.72 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.2.72 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.2.72 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=15.0.2.72 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @veetle.com/vbp;version=0.9.16 - C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @acestream.net/acestreamplugin,version=2.0.13.1 - C:\Users\Leo\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Leo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\libdivx.dll (The OpenSSL Project, hxxp://www.openssl.org/)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ssldivx.dll (The OpenSSL Project, hxxp://www.openssl.org/)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Leo\AppData\Roaming\Mozilla\Firefox\Profiles\qrj3x8j2.default-1389906449841\Extensions\ich@maltegoetz.de [2014-01-16]
FF Extension: DownloadHelper - C:\Users\Leo\AppData\Roaming\Mozilla\Firefox\Profiles\qrj3x8j2.default-1389906449841\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-01-16]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Leo\AppData\Roaming\Mozilla\Firefox\Profiles\qrj3x8j2.default-1389906449841\Extensions\elemhidehelper@adblockplus.org.xpi [2014-01-16]
FF Extension: Adblock Plus - C:\Users\Leo\AppData\Roaming\Mozilla\Firefox\Profiles\qrj3x8j2.default-1389906449841\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-16]
FF Extension: Adblock Edge - C:\Users\Leo\AppData\Roaming\Mozilla\Firefox\Profiles\qrj3x8j2.default-1389906449841\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-01-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-04-17]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-24]
FF HKCU\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\Leo\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org
========================== Services (Whitelisted) =================
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-02] (Akamai Technologies, Inc.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-01-10] (AVAST Software)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [21504 2014-01-14] (Box Inc.)
R2 FirebirdGuardianDefaultInstance; C:\Program Files\firebird\firebird_2_5\bin\fbguard.exe [98304 2011-09-19] (Firebird Project)
R3 FirebirdServerDefaultInstance; C:\Program Files\firebird\firebird_2_5\bin\fbserver.exe [3735552 2011-09-19] (Firebird Project)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [641832 2011-09-23] (Nero AG)
R2 NSUService; C:\Program Files\sony\Network Utility\NSUService.exe [303104 2008-12-21] (Sony Corporation)
S3 OpenVPNService; C:\Program Files\FH-Aachen OpenVPN\bin\openvpnserv.exe [38926 2011-05-20] ()
S3 SOHDBSvr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-01-20] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-01-20] (Sony Corporation)
R2 sp_rssrv; C:\Program Files\Spyware Terminator\sp_rsser.exe [488960 2010-04-26] (Crawler.com)
S2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1514304 2011-12-14] (TuneUp Software)
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [1184312 2012-06-26] (GlavSoft LLC.)
R2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-01-21] (Sony Corporation)
R2 VAIO Event Service; C:\Program Files\sony\VAIO Event Service\VESMgr.exe [203624 2009-01-19] (Sony Corporation)
R2 VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [415592 2008-12-19] (Sony Corporation)
R2 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [394536 2009-01-19] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-01-21] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2009-01-21] (Sony Corporation)
==================== Drivers (Whitelisted) ====================
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17920 2008-04-24] (ArcSoft, Inc.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-01-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-01-10] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-01-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-01-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410528 2014-01-10] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-01-10] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-01-10] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-12-20] ()
R1 sp_rsdrv2; C:\Windows\system32\drivers\sp_rsdrv2.sys [142592 2010-04-26] ()
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-05-20] (The OpenVPN Project)
S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2011-12-12] (TuneUp Software)
U3 ab9tiagf; C:\Windows\system32\Drivers\ab9tiagf.sys [0 ] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 HSXHWAZL; system32\DRIVERS\HSXHWAZL.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-05 13:55 - 2014-02-05 13:55 - 00019994 _____ () C:\Users\Leo\Desktop\FRST.txt
2014-02-05 13:50 - 2014-02-05 13:50 - 00006496 _____ () C:\Users\Leo\Desktop\JRT.txt
2014-02-05 13:43 - 2014-02-05 13:43 - 00000000 ____D () C:\Windows\ERUNT
2014-02-05 13:40 - 2014-02-05 13:40 - 00001278 _____ () C:\Users\Leo\Desktop\AdwCleaner[S1].txt
2014-02-05 13:23 - 2014-02-05 13:23 - 01037530 _____ (Thisisu) C:\Users\Leo\Desktop\JRT.exe
2014-02-05 13:22 - 2014-02-05 13:22 - 01166132 _____ () C:\Users\Leo\Desktop\adwcleaner.exe
2014-02-05 09:58 - 2014-02-05 12:19 - 00000000 ____D () C:\Users\Leo\Desktop\mbar
2014-02-05 09:58 - 2014-02-05 11:20 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-05 09:39 - 2014-02-05 09:39 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Leo\Desktop\tdsskiller.exe
2014-02-05 01:22 - 2014-02-05 01:22 - 00018752 _____ () C:\ComboFix.txt
2014-02-05 00:49 - 2014-02-05 01:22 - 00000000 ____D () C:\Qoobox
2014-02-05 00:49 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-05 00:49 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-05 00:49 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-05 00:49 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-05 00:49 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-05 00:49 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-05 00:49 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-05 00:49 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-05 00:48 - 2014-02-05 01:19 - 00000000 ____D () C:\Windows\erdnt
2014-02-05 00:42 - 2014-02-05 00:43 - 05179684 ____R (Swearware) C:\Users\Leo\Desktop\ComboFix.exe
2014-02-05 00:37 - 2014-02-05 00:43 - 304900574 _____ (Microsoft Corporation) C:\Users\Leo\Documents\Windows6.0-KB948465-X86.exe
2014-02-05 00:37 - 2014-02-05 00:43 - 269181388 _____ (Microsoft Corporation) C:\Users\Leo\Documents\Windows6.0-KB936330-X86-wave0.exe
2014-02-05 00:09 - 2014-02-05 13:55 - 00000000 ____D () C:\FRST
2014-02-05 00:08 - 2014-02-05 00:08 - 01137152 _____ (Farbar) C:\Users\Leo\Desktop\FRST.exe
2014-02-04 21:35 - 2014-02-05 13:24 - 00000000 ____D () C:\Users\Leo\Desktop\Virus
2014-02-04 20:55 - 2014-02-04 20:56 - 00001460 _____ () C:\Windows\KB937882.log
2014-02-04 16:14 - 2014-02-04 16:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-04 16:14 - 2014-02-04 16:14 - 00000000 _____ () C:\Windows\setupact.log
2014-02-04 16:05 - 2014-02-05 11:12 - 00001636 _____ () C:\Windows\PFRO.log
2014-02-04 15:47 - 2014-02-05 13:49 - 01528941 _____ () C:\Windows\WindowsUpdate.log
2014-02-04 15:06 - 2014-02-04 16:03 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-02-04 15:03 - 2014-02-04 15:03 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LEO-PC-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2014-02-04 15:01 - 2014-02-04 15:01 - 00000000 ____D () C:\RegBackup
2014-02-04 13:13 - 2014-02-04 13:13 - 00000000 ____D () C:\ProgramData\Websteroids
2014-02-04 12:45 - 2014-02-05 13:36 - 00000000 ____D () C:\AdwCleaner
2014-02-04 12:45 - 2014-02-05 11:11 - 00000000 ____D () C:\ProgramData\Updater
2014-02-04 12:45 - 2014-02-04 12:45 - 00000000 ____D () C:\ProgramData\RHelpers
2014-02-02 12:28 - 2014-02-02 12:28 - 00000000 ____D () C:\Users\Leo\Documents\Verlobung Photos
2014-01-30 19:50 - 2014-01-30 19:50 - 00000000 ____D () C:\Users\Leo\.Box Sync
2014-01-26 21:19 - 2014-01-26 21:19 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-01-25 23:30 - 2014-01-25 23:42 - 00000000 ____D () C:\Users\Leo\Box Sync
2014-01-25 23:30 - 2014-01-25 23:30 - 00001330 _____ () C:\Users\Leo\Desktop\Box Sync.lnk
2014-01-25 23:28 - 2014-02-05 13:42 - 00000000 ____D () C:\Users\Leo\AppData\Local\Box Sync
2014-01-25 23:26 - 2014-01-25 23:28 - 00000000 ____D () C:\ProgramData\Package Cache
2014-01-25 23:26 - 2014-01-25 23:26 - 00000000 ____D () C:\Program Files\Box
2014-01-25 22:40 - 2014-01-25 22:40 - 00000000 ____D () C:\Users\Public\Documents\APP
2014-01-25 22:40 - 2014-01-25 22:40 - 00000000 ____D () C:\Program Files\APP
2014-01-13 22:26 - 2014-01-13 22:27 - 00124678 _____ () C:\Users\Leo\Documents\cc_20140113_222645.reg
2014-01-10 09:41 - 2014-01-10 09:41 - 00000000 ____D () C:\Users\Leo\AppData\Roaming\AVAST Software
2014-01-10 00:51 - 2014-01-10 00:51 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-01-10 00:50 - 2014-01-10 00:56 - 00180248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-01-10 00:50 - 2014-01-10 00:56 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
==================== One Month Modified Files and Folders =======
2014-02-05 13:55 - 2014-02-05 13:55 - 00019994 _____ () C:\Users\Leo\Desktop\FRST.txt
2014-02-05 13:55 - 2014-02-05 00:09 - 00000000 ____D () C:\FRST
2014-02-05 13:50 - 2014-02-05 13:50 - 00006496 _____ () C:\Users\Leo\Desktop\JRT.txt
2014-02-05 13:49 - 2014-02-04 15:47 - 01528941 _____ () C:\Windows\WindowsUpdate.log
2014-02-05 13:43 - 2014-02-05 13:43 - 00000000 ____D () C:\Windows\ERUNT
2014-02-05 13:42 - 2014-01-25 23:28 - 00000000 ____D () C:\Users\Leo\AppData\Local\Box Sync
2014-02-05 13:42 - 2011-12-08 00:07 - 00000000 ___RD () C:\Users\Leo\Dropbox
2014-02-05 13:41 - 2011-12-08 00:04 - 00000000 ____D () C:\Users\Leo\AppData\Roaming\Dropbox
2014-02-05 13:40 - 2014-02-05 13:40 - 00001278 _____ () C:\Users\Leo\Desktop\AdwCleaner[S1].txt
2014-02-05 13:38 - 2010-10-19 19:01 - 00000000 ____D () C:\Program Files\Common Files\Akamai
2014-02-05 13:38 - 2006-11-02 13:47 - 00003616 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-05 13:38 - 2006-11-02 13:47 - 00003616 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-05 13:38 - 2006-11-02 13:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-02-05 13:37 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-05 13:36 - 2014-02-04 12:45 - 00000000 ____D () C:\AdwCleaner
2014-02-05 13:36 - 2006-11-02 14:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-05 13:24 - 2014-02-04 21:35 - 00000000 ____D () C:\Users\Leo\Desktop\Virus
2014-02-05 13:23 - 2014-02-05 13:23 - 01037530 _____ (Thisisu) C:\Users\Leo\Desktop\JRT.exe
2014-02-05 13:22 - 2014-02-05 13:22 - 01166132 _____ () C:\Users\Leo\Desktop\adwcleaner.exe
2014-02-05 12:59 - 2011-11-17 23:33 - 00000622 _____ () C:\Windows\Tasks\WebContent AutoUpdate 2011.job
2014-02-05 12:58 - 2012-10-22 11:01 - 00000640 _____ () C:\Windows\Tasks\WebContent AutoUpdate 2012.job
2014-02-05 12:57 - 2012-04-24 22:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-05 12:19 - 2014-02-05 09:58 - 00000000 ____D () C:\Users\Leo\Desktop\mbar
2014-02-05 12:06 - 2011-07-06 23:39 - 00001130 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1817804245-3613531340-1062189964-1000UA.job
2014-02-05 11:20 - 2014-02-05 09:58 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-05 11:12 - 2014-02-04 16:05 - 00001636 _____ () C:\Windows\PFRO.log
2014-02-05 11:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\MSAgent
2014-02-05 11:11 - 2014-02-04 12:45 - 00000000 ____D () C:\ProgramData\Updater
2014-02-05 10:57 - 2012-04-24 22:17 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-05 10:57 - 2011-11-23 18:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 09:39 - 2014-02-05 09:39 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Leo\Desktop\tdsskiller.exe
2014-02-05 09:37 - 2012-10-22 11:01 - 00000484 _____ () C:\Windows\Tasks\AutoUpdate Allplan 2012.job
2014-02-05 09:37 - 2011-11-17 23:33 - 00000476 _____ () C:\Windows\Tasks\Allplan AutoUpdate 2011-1.job
2014-02-05 09:37 - 2011-07-06 23:39 - 00001108 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1817804245-3613531340-1062189964-1000Core.job
2014-02-05 01:22 - 2014-02-05 01:22 - 00018752 _____ () C:\ComboFix.txt
2014-02-05 01:22 - 2014-02-05 00:49 - 00000000 ____D () C:\Qoobox
2014-02-05 01:22 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2014-02-05 01:22 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Default
2014-02-05 01:19 - 2014-02-05 00:48 - 00000000 ____D () C:\Windows\erdnt
2014-02-05 01:15 - 2008-01-21 08:16 - 01568960 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-05 01:12 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2014-02-05 01:09 - 2006-11-02 11:22 - 74711040 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-02-05 01:09 - 2006-11-02 11:22 - 41156608 _____ () C:\Windows\system32\config\COMPON~1.bak
2014-02-05 01:09 - 2006-11-02 11:22 - 36175872 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-02-05 01:09 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-02-05 01:09 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-02-05 01:09 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-02-05 00:46 - 2012-09-29 12:07 - 00000000 ____D () C:\Users\Leo\Desktop\New
2014-02-05 00:43 - 2014-02-05 00:42 - 05179684 ____R (Swearware) C:\Users\Leo\Desktop\ComboFix.exe
2014-02-05 00:43 - 2014-02-05 00:37 - 304900574 _____ (Microsoft Corporation) C:\Users\Leo\Documents\Windows6.0-KB948465-X86.exe
2014-02-05 00:43 - 2014-02-05 00:37 - 269181388 _____ (Microsoft Corporation) C:\Users\Leo\Documents\Windows6.0-KB936330-X86-wave0.exe
2014-02-05 00:08 - 2014-02-05 00:08 - 01137152 _____ (Farbar) C:\Users\Leo\Desktop\FRST.exe
2014-02-04 21:48 - 2009-04-08 15:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-04 20:56 - 2014-02-04 20:55 - 00001460 _____ () C:\Windows\KB937882.log
2014-02-04 16:52 - 2010-09-19 13:12 - 00000000 ____D () C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Free
2014-02-04 16:14 - 2014-02-04 16:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-04 16:14 - 2014-02-04 16:14 - 00000000 _____ () C:\Windows\setupact.log
2014-02-04 16:11 - 2009-10-04 11:13 - 00155264 _____ () C:\Users\Leo\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-04 16:06 - 2006-11-02 13:47 - 00521160 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-04 16:03 - 2014-02-04 15:06 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-02-04 15:03 - 2014-02-04 15:03 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LEO-PC-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2014-02-04 15:01 - 2014-02-04 15:01 - 00000000 ____D () C:\RegBackup
2014-02-04 13:13 - 2014-02-04 13:13 - 00000000 ____D () C:\ProgramData\Websteroids
2014-02-04 13:13 - 2012-02-05 20:09 - 00000000 ____D () C:\Users\Leo\Desktop\Alles
2014-02-04 12:45 - 2014-02-04 12:45 - 00000000 ____D () C:\ProgramData\RHelpers
2014-02-04 12:36 - 2013-08-17 18:28 - 00000000 ____D () C:\Users\Leo\AppData\Local\DM
2014-02-04 12:07 - 2010-03-22 00:37 - 00000000 ____D () C:\Program Files\Full Tilt Poker
2014-02-04 12:04 - 2011-07-14 23:31 - 00000000 ____D () C:\Program Files\EasyBurning
2014-02-04 12:03 - 2010-11-11 01:34 - 00000000 ____D () C:\Program Files\AVS4YOU
2014-02-04 12:03 - 2009-10-08 20:51 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-02-04 12:02 - 2010-11-11 01:34 - 00000000 ____D () C:\Program Files\Common Files\AVSMedia
2014-02-04 11:14 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-03 20:59 - 2013-09-04 11:00 - 00000000 ____D () C:\Users\Leo\Documents\DUBAI_foto
2014-02-02 12:28 - 2014-02-02 12:28 - 00000000 ____D () C:\Users\Leo\Documents\Verlobung Photos
2014-02-01 17:39 - 2013-04-22 20:29 - 00000000 ____D () C:\Users\Leo\AppData\Roaming\.ACEStream
2014-02-01 17:39 - 2013-04-22 20:29 - 00000000 ____D () C:\_acestream_cache_
2014-01-30 19:50 - 2014-01-30 19:50 - 00000000 ____D () C:\Users\Leo\.Box Sync
2014-01-30 19:50 - 2009-10-04 11:13 - 00000000 ____D () C:\Users\Leo
2014-01-27 23:01 - 2010-04-26 22:22 - 00000000 ____D () C:\Program Files\CCleaner
2014-01-27 20:02 - 2012-05-23 08:42 - 00001440 _____ () C:\Users\Leo\AppData\Local\FriloWebInfo.html
2014-01-27 20:02 - 2012-05-23 08:37 - 00000000 ____D () C:\Users\Leo\AppData\Local\5a4cf8ca-080e-48f6-b512-229638b7ce10
2014-01-26 23:49 - 2012-12-03 16:06 - 00004369 _____ () C:\ProgramData\hpzinstall.log
2014-01-26 23:48 - 2012-03-02 00:29 - 00000000 ____D () C:\Program Files\HP
2014-01-26 23:47 - 2006-11-02 13:37 - 00000000 ____D () C:\Windows\twain_32
2014-01-26 23:41 - 2012-03-02 00:29 - 00000000 ____D () C:\ProgramData\HP
2014-01-26 22:22 - 2012-05-07 23:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-01-26 21:19 - 2014-01-26 21:19 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-01-26 19:24 - 2012-05-23 08:32 - 00000000 ____D () C:\ProgramData\Frilo2010
2014-01-25 23:42 - 2014-01-25 23:30 - 00000000 ____D () C:\Users\Leo\Box Sync
2014-01-25 23:30 - 2014-01-25 23:30 - 00001330 _____ () C:\Users\Leo\Desktop\Box Sync.lnk
2014-01-25 23:28 - 2014-01-25 23:26 - 00000000 ____D () C:\ProgramData\Package Cache
2014-01-25 23:26 - 2014-01-25 23:26 - 00000000 ____D () C:\Program Files\Box
2014-01-25 23:07 - 2009-10-06 19:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-01-25 22:40 - 2014-01-25 22:40 - 00000000 ____D () C:\Users\Public\Documents\APP
2014-01-25 22:40 - 2014-01-25 22:40 - 00000000 ____D () C:\Program Files\APP
2014-01-25 20:30 - 2014-01-03 19:05 - 00000000 ____D () C:\Users\Leo\Documents\Loris
2014-01-16 09:59 - 2010-07-31 17:43 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-13 22:27 - 2014-01-13 22:26 - 00124678 _____ () C:\Users\Leo\Documents\cc_20140113_222645.reg
2014-01-13 22:25 - 2010-12-20 18:56 - 00000000 ____D () C:\Users\Leo\AppData\Roaming\DAEMON Tools Lite
2014-01-13 22:24 - 2012-01-24 23:44 - 00000000 ____D () C:\Program Files\PDFCreator
2014-01-13 22:24 - 2011-02-04 13:24 - 00000000 ____D () C:\Users\Leo\AppData\Local\MediaMonkey
2014-01-13 22:24 - 2009-10-04 20:52 - 00000000 ____D () C:\Users\Leo\Tracing
2014-01-13 22:24 - 2009-03-05 18:21 - 00000000 ____D () C:\Windows\Panther
2014-01-10 09:41 - 2014-01-10 09:41 - 00000000 ____D () C:\Users\Leo\AppData\Roaming\AVAST Software
2014-01-10 00:56 - 2014-01-10 00:50 - 00180248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-01-10 00:56 - 2014-01-10 00:50 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-10 00:56 - 2011-03-24 22:51 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-10 00:56 - 2010-12-23 19:43 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-10 00:56 - 2010-04-26 17:47 - 00410528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-10 00:56 - 2010-04-26 17:47 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-10 00:56 - 2010-04-26 17:47 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-01-10 00:56 - 2010-04-26 17:47 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-01-10 00:56 - 2010-04-26 17:46 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-10 00:51 - 2014-01-10 00:51 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-01-10 00:50 - 2006-11-02 11:23 - 00002577 _____ () C:\Windows\system32\config.nt
2014-01-09 16:30 - 2011-12-08 00:07 - 00000913 _____ () C:\Users\Leo\Desktop\Dropbox.lnk
2014-01-09 16:30 - 2011-12-08 00:05 - 00000000 ____D () C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-08 15:00 - 2010-04-26 21:41 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
Files to move or delete:
====================
C:\Users\Leo\AppData\Roaming\desktop.ini
Some content of TEMP:
====================
C:\Users\Leo\AppData\Local\temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-05 13:46
==================== End Of Log ============================
|
|
05.02.2014, 15:11
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Open Candy Virus, CPU-Auslastung 100 % Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM) Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren! Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.02.2014, 15:53
| #23 |
| | Open Candy Virus, CPU-Auslastung 100 % Der ESET Online Scanner sagt mir, dass ich einen "Spyware Terminator" aktiviert habe, aber ich finde den nirgends auf meinem PC! Soll ich trotzdem laufen lassen ? Hier schon mal die Logdatei vom MBAM Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.02.05.05 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 7.0.6002.18005 Leo :: LEO-PC [Administrator] 05.02.2014 15:16:20 mbam-log-2014-02-05 (15-16-20).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 233066 Laufzeit: 14 Minute(n), 38 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCR\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6} (PUP.Optional.DynConIE.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 4 C:\ProgramData\RHelpers (PUP.Optional.Searchagent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\RHelpers\ChromeHelper (PUP.Optional.Searchagent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\RHelpers\FirefoxHelper (PUP.Optional.Searchagent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\RHelpers\IeHelper (PUP.Optional.Searchagent) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 3 C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe (PUP.Optional.SearchDonkey.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe (PUP.Optional.SearchDonkey.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\RHelpers\IeHelper\IeHelper.exe (PUP.Optional.SearchDonkey.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
05.02.2014, 16:01
| #24 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Open Candy Virus, CPU-Auslastung 100 % Doch, ESET scheint recht zu haben: Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.02.2014, 16:07
| #25 |
| | Open Candy Virus, CPU-Auslastung 100 % Der Prozess wurde beendet, aber ESET sagt nach Neustart des Programms immer noch, dass Spyware Terminator aktiv ist :S |
|
05.02.2014, 16:08
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Open Candy Virus, CPU-Auslastung 100 % Dann ignorier es 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.02.2014, 21:54
| #27 |
| | Open Candy Virus, CPU-Auslastung 100 % So endlich fertig nach 5 Stunden Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=94e8486444304045b31f027b71cbb37d
# engine=16952
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-05 08:20:29
# local_time=2014-02-05 09:20:29 (+0100, Mitteleuropäische Zeit )
# country="Luxembourg"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 39238 229164357 0 0
# compatibility_mode=7937 16777214 42 25 84539291 84539291 0 0
# scanned=410995
# found=8
# cleaned=0
# scan_time=18564
sh=7D7B2A4DD0D7EB08FA5A7BB5788A197C2B19AFA5 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-1723.KC trojan" ac=I fn="C:\Dokumente und Einstellungen\Leo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\1e901b56-579a53d1"
sh=9BA70E85D592D971C42C05BCA9ED691E929DE20F ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-1723.EB trojan" ac=I fn="C:\Dokumente und Einstellungen\Leo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\3bd78f98-619518ed"
sh=A5BE7827C50247DB62D069082AFF734BF545B0B8 ft=0 fh=0000000000000000 vn="Java/Agent.BZ trojan" ac=I fn="C:\Dokumente und Einstellungen\Leo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\23a501b-29929ab4"
sh=62B3850D4BA5D106CF51CD95F72EB8EC35CB60F1 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2009-3869.B trojan" ac=I fn="C:\Dokumente und Einstellungen\Leo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\5541aec4-13d1cc5d"
sh=7D7B2A4DD0D7EB08FA5A7BB5788A197C2B19AFA5 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-1723.KC trojan" ac=I fn="C:\Users\Leo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\1e901b56-579a53d1"
sh=9BA70E85D592D971C42C05BCA9ED691E929DE20F ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-1723.EB trojan" ac=I fn="C:\Users\Leo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\3bd78f98-619518ed"
sh=A5BE7827C50247DB62D069082AFF734BF545B0B8 ft=0 fh=0000000000000000 vn="Java/Agent.BZ trojan" ac=I fn="C:\Users\Leo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\23a501b-29929ab4"
sh=62B3850D4BA5D106CF51CD95F72EB8EC35CB60F1 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2009-3869.B trojan" ac=I fn="C:\Users\Leo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\5541aec4-13d1cc5d"
|
|
06.02.2014, 09:45
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Open Candy Virus, CPU-Auslastung 100 % TFC - Temp File Cleaner Lade dir  TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
Sieht soweit ok aus  Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.02.2014, 19:34
| #29 |
| | Open Candy Virus, CPU-Auslastung 100 % Super, vielen Dank TFC ist durchgelaufen und hat den pc danach neugestartet Eigentlich läuft alles wieder wie es soll, nur dass seitdem ich den "adwcleaner" laufen liess, ist auf meinen Dateien ein komisches Zeichen(siehe Anhang) Die 2 Bilder im Anhang verursachen hauptsächlich beim Neustart des Pcs auch eine hohe CPU-Auslastung, und auch danach ist die Auslastung meistens immer noch über 30 %. Ist das Normal ? Soll ich die Programme wieder alle löschen oder sicherheitshalber behalten und in einen Ordner schieben ^^ |
|
07.02.2014, 00:29
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Open Candy Virus, CPU-Auslastung 100 % Lass mal alle Windows-Updates laufen, siehe weiter unten Dann wären wir durch! Falls du noch Lob oder Kritik loswerden möchtest => Lob, Kritik und Wünsche - Trojaner-Board Die Programme, die hier zum Einsatz kamen, können alle deinstalliert werden. Helfen kann dir dabei delfix: Die Reihenfolge ist hier entscheidend.
Bitte abschließend noch die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Start, Systemsteuerung, Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Prüfen => Adobe - Flash Player Downloadlinks findest du hier => Browsers and Plugins - FilePony.de Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Open Candy Virus, CPU-Auslastung 100 % |
| 100%, anhang, anti-malware, auf einmal, cpu-auslastung, cpu-auslastung 100 %, interessante, log-datei, malwarebytes, malwarebytes anti-malware, nicht mehr, open candy, opencandy, pup.optional.dynconie.a, pup.optional.searchagent, pup.optional.searchdonkey.a, speichern, trojan.agent, vergessen, vollständige, wmiprvseexe, zusammen |
Linear-Darstellung
